Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

AssFace asks: "I run a blog that is dedicated to just things relating to spam (for the most part, the discussion is of how to stop it). I received an e-mail from a reader of the blog today that described the situation he was in.
His words: 'I have a small recruiting business, with about 600 paying clients who are looking for jobs in education. About twice a month, I send an update message to all of them via e-mail. I also send them personal messages as needed. Unfortunately, Hotmail (which a great many of my clients use) seems to think that I am a spammer. With Hotmail's spam blocker set on "Medium," my e-mails go to the recipient's Spam folder.
AOL and Yahoo may be blocking my messages as well, though I'm not yet certain.' I wrote my own thoughts on it and then offered it up to comments from the users of the site. My responses to his e-mail apparently weren't anything that could help his particular situation.
So, regardless of the validity of this particular person's plea, what is a small business service to do if they are blocked by the major ISPs?"

Why does the sender have to get on HotMail's global white list? Why can't the receiver put the sender on his own private white list? The story submitter said that the mail goes to the spam box, which means that it gets through, but it gets through & causes inconvenience. Once the recepient adds the sender to the address book, the mail should end up in the inbox. I could be wrong, though.

If these people want jobs, then they have to start being competitive. Learning to use email is a good start. It's imp

I believe they go through brightmail or another one of the big companies. You need to pay a big chunk to get onto their whitelists every year.

One of our anti-spam guys has been engaging in dialogue with a lot of the big mail providers like aol, hotmail and yahoo. You won't find it on their front pages, but if you dig around you'll be able to contact their post masters and work from there.

I'm fairly sure that hotmail does. Add a message for users signing up from hotmail "please add the following address (list@myblog.com or whatever) to your address book to avoid having our messages being blocked by your SPAM filter."

We have that problem here from time to time, and the way we solve it is by actually calling up or e-mailing the ISP explaining the situation. Usually they're helpful and will give you directions on how to prevent further blacklisting.

My company has this problem a lot. It's quite irritating when customers send us livid email saying they haven't received the download link and we have sent it 3 or 4 times. We have asked our customers to not use Yahoo or Hotmail addresses but still some do. I have tried to contact Yahoo, Hotmail and AOL to see if we are blackkisted, blocked or whatever. I was never convinced I had a good way to contact them.
How did you actually contact the ISP and get someone to respond to your request. I would really app

Oh, so they want payola now? There's a bad precedent if there ever was one. Their price list makes the bi-annual software upgrade look cheap by comparison. Even a non-profit has to fork over a $375 application fee. Why should the innocent victims have to pay?

These hopelessly ineffective anti-spam "services" fail to consider the impact of their business methods on the poor users. Every one is different. Every one wants you to do a Special Thing to prove your innocence. Every week someone else decides they h

Is Hotmail blacklisting (ie, he can't send even one email there), or is it just balking at the 600 addresses in the cc or bcc list?
Many ISP's see such bulk mails as spam, and block them. The solution is simple: send them out in batches of twenty. There are many mail management applications that will do this for you. I ran into this problem myself, and turned Mailgust [mailgust.org] for batched sending.
-Michael Greer

I don't think they're that stupid. If they see you sending identical emails to lots of people, they block it, even if they come in separate batches. Otherwise it would be too easy for spammers to do the same thing (I guess the first batch or two might get through). Even if this works for now, it seems likely that this could stop working at any time, so I would much perfer a real solution (like talking to hotmail and showing them what you're sending, or having users whitelist you if possible) to trying to ha

Doesn't work for all emails though. When I first started my new job, one of the first things I did was send an email to about 20 people as bcc. The ones sent to my former co-workers all were marked as spam.

Make it a rule that you will not take anyone as a client unless they have an email address with someone other company than Hotmail or AOL. Recommend an email company, and suggest they have an email address just for your messages.

...you will not take anyone as a client unless they...He's running a small business. For a massive company like Amazon or eBay, yes, this is an ideal solution, but he shouldn't be forced to alienate clients because of their choice of email provider/ISP.This should be an extreme last resort!

I should have mentioned not to use Yahoo, also. Yahoo has shown itself to be very adversarial also, with its tricky practices opting users into receiving ads.

He could give free email accounts using Powweb [powweb.com] as a web host. (650 email accounts allowed for $7.77 per month.) Powweb seems to be the best web hosting provider. Since all the mail would be coming from and going to his own domain, it can't be blocked. Isn't that a complete solution?

About two years ago, I reviewed 550 web hosting providers and came to the conclusion that PowWeb was the best for low- and medium-traffic sites. I've had to explain to customers that, even though Powweb is inexpensive, it is better than all the $30/month web hosting providers I've seen.

Considering how fast things change on the internet, 2 years ago is a lifetime. If you did an honest review of 550 hosting providers, that would have taken about a full six months unless you had a large team helping. In order to actually KNOW how good a hosting provider is, you have to use them, try the customer service, measure uptime, performance, etc. I seriously doubt you did that with 550 hosting services.

My evaluation only took three whole days. That's because many hosting providers could be eliminated very quickly. Many provide a very narrow range of services, connected with selling web site design, for example.

Many hosting providers can be eliminated because their web pages indicate that they are badly managed.

Yes, I do. I've run three websites throught them for over 2 and a half years now; I've been with them through their growing pains and have seen many of the limits (HD space, inodes, throughput) quadruple or more in that time.

PowWeb still makes changes that will catch you with your pants down (apache/php/sql configuration changes, changing your IP address [a real problem if they don't manage your DNS], and others), and they still have problems with email -- the la

Yes, Powweb makes changes without warning their customers. Stupid. One Powweb tech support person told me that fundamental changes were made to the OS without logging them!

One influential tech support person at Powweb was very immature and very willing to lie. I see no evidence he is still at Powweb.

I think clients could be warned that there are often problem with Yahoo, AOL, and Hotmail email, and offered a free alternative if they want it. Properly introduced, I think a free, business-only email a

While it's a good idea; it does not seem very feasible. Are customers willing to use ANOTHER e-mail address ? Most are lazy and probably will feel burned by checking an extra e-mail account just for his business.

I agree. I work at an educational institution that needs to send frequent messages to over 1,000 students. We're almost at the point where we won't accept Hotmail addresses. We've actually started a project to collect IM account information as the last option for contacting students, so much email never makes it to the recipient.

This is probably pretty easy. He needs to get the mail headers from his clients that are affected by this. Each provider probably adds X-headers that add up to a score, a spam determinant. Some providers may choose to not put a detailed score listing in, oh well. I know that the system we use is based on SpamAssassin, and every rule has a weight. Things like entries in DNS-RBL add to the score, or no reverse-DNS, Bayesian scoring, keywords, etc.

Find out why, and fix each thing that comes up. Maybe his mailserver has no reverse DNS, fix that. Maybe his ISP or his IP is on a blacklist, get it fixed or take his business elsewhere. Maybe subscribe to a service that handles email marketing responsibly, like (gasp) Microsoft's bCentral, they will make sure that they don't get blacklisted.

I've found that Yahoo's spam filters routinely block friends of mine - they'll forward me a joke, and because that joke is doing the rounds, it'll be treated as spam by default.

So, basically, I have to do two things. First, I never just blanket-empty my Bulk folder. Second, when I find someone being put in Bulk, I add a "rule" that automatically moves email from them into my Inbox. Unfortunately Yahoo doesn't document that this is what you need to do, so less experienced users wouldn't use this as a solution, if they knew how to do it at all.

I say whitelisting and education in my Subject line, the second is important. I try to persuade people to send email to my home address (which has an effective, no false positives, system enabled, based upon allocating every entity who wants to do business with me a unique, deletable, email address. No, before anyone responds, this isn't like the service that provides you with throwaway email addresses, that's a dumb idea that's likely to just end up with your domain blocked, I want legitimate businesses to be able to do business with me, and do so often on a long-term basis, I'm not trying to scam anyone) if the email absolutely does not have to be read by me at work.

More importantly, people have to realise that most filter-based systems, be they dumb like SPEWS or "learning" like Bayesian systems, carry the risk of blocking legitimate emails - SPEWS type systems are especially bad because their definition of "guilty" includes "being a customer of an ISP that also has a spammer as a customer" and there are anti-spam blacklists that have entire countries listed. The blacklist technologies are a kind of lynch-mob justice, they feed people's lust for revenge, but they ultimately seem to cause more problems than most. The non-blacklist filters, such as Bayesian, are better and not endowed with such a legacy, but they still carry some risk.

The point ultimately is that people need to know that anti-spam systems do not just block spam. You should devote a day a week going through your "marked as spam" messages if your email is important to you - most of the time it's a five minute job anyway, if my experience with Yahoo's bulk mail folder is anything to go by. It's not like you have to read anything more than the names and subjects for the most part.

Let me start with a rant:I tell you, the radical anti-spammers really are becoming more of a problem than the actual spammers! Spammers are evil: they make email hard to use and take up Internet resources. Radical anti-spammers are worse: they actively try to make email not work. They are the primary reason I have to run my own mail server. I don't want to lose email because some idiot admin thinks some email I got is spam and deletes it. Or worse, just blacklists whole swaths of IP space. Unfortunate

I got one a while back with big red letters that said "Your credit card has been put on a probationary status. Please reply with you name, card number, expiration data, address, and social security number to remove probation."

Actually, I think that this is exactly what will be necessary. Something like e-mail that isn't e-mail, that is based on "sender pays whoever they're getting internet service from" needs to come along and everybody needs to change over. You get to send up to x number of emails or y number of bits during each billing period if you're on a "$19.95 a month for all the dial-up you can eat" type plan and if you exceed that limit you pay extra (rolling over unuse

A lot of people have already discussed ideas like this. You should look into what they are saying, as there are some good proposals. There are also some problems with the way you propose things in that running a large mailing list would go from cheap to quite expensive. Better are systems that try to arrange it such taht you only pay if the recipient doesn't know you or hasn't specifically asked for your mail, although details of this are tricky.

Whoever causes the expense should be financially liable for it. If you're running a large mailing list and the recipients agree to accept stuff "postage due" from you, since it's their desire to receive it, then the expense is born by those who really cause it.

Unfortunately, since I chose to run my own mailsever, I've now earned the ire of the same anti-spammers, because I'm not using a corporate controlled mail server

A bit OTT but you are onto a real problem: blacklists will (and have already) make running mailservers a lot more difficult and thereby will help consolidate control of email by a few big players. Just the sort of thing/.ers like, right?

It also takes some time to discover that your emails are disappearing: my ISP was blacklisted and it was sever

Unfortunately, since I chose to run my own mailsever, I've now earned the ire of the same anti-spammers, because I'm not using a corporate controlled mail server. Spam is a problem, but it's not worth destroying email over!

Please explain where you've "earned the ire of the same anti-spammers"? I really would like to know.

I know many individuals who run their own mail servers, and in fact many of them are themselves anti-spammers, they chose to run their own server because they wanted stricter spa

Agree totally. It can be worse than just getting your valid email blocked.
It is possible to get one particular large (but cheap) US web hosting company to shut down a web site simply on the basis of a single (that is, just one) complaint listing on spamcop.net. This complaint was triggered by a single instance when the receiver failed to recognise an email advising him of a domain name change for the list(because it came from the new site he did not recognise it, and although he'd subscribed to it, he sho

My company's emais were being dumped into the spam folder on Yahoo! Getting our email out of the Bulkmail folder was a lengthy process that took several attempts to start. I had to submit sample copies of our standard emails, and a copy of our privacy policy, and a rather lengthy survey. They reviewed the information, put us on probation, and reviewed the findings at the end of a month. My company is legit. I had no doubt that they would back our company off the blacklist. Incidently, the only way I found the proper channel to report the problem was to contact corporate HQ. Some deep digging was done and I finally ended up with an email address to report to: mail-abuse-bulk@yahoo-inc.com

Basically you just have to include a special, copyrighted Haiku in your e-mail, and most spam filters will let your mail through. The Haiku warrants that your e-mail is not spam, because you have to license the usage of the Haiku, and the terms prevent from using it in spam mail.

I'm not sure if Hotmail respects the Habeas Haiku, but it might be worth a try.

Yes - spammers putting random words in is an effort to avoid being automatically judged to be spam based on content. The Habeas poetry is a pre-set sequence that can bypass the same filter (if the filter is aware of it). The idea is that it is *illegal* for the spammer to put that particular piece of poetry into an email.

Of course, the idea is slightly daft, because I get "spams" that offer illegal products (in my jurisdiction). *If* the spammer could be found, they could be shut down -- but they

This idea rings a familiar tone. It reminds me of gun control laws and the death "penalty".

I think these things are good, and there is a happy medium, but probably for most of the folks who run afoul of these laws, the law is irrelevant. Folks who go around town with ak47's probably intend to commit multiple felonies, what's another couple charges to them? Likewise, folks who intend to murder other folks probably aren't concerned with the severity of the penalty. The basic punishments for murder seem like

Sounds like the Habeas Sender Warranted Email Solution would help here.

Unfortunately, probably not.

Some months ago a spammer was abusing Habeas' copyrights, so I set the SpamAssassin score that my mail server assigned to Habeas to zero. I never removed that zero setting and I expect lots of other SA users also have a zero Habeas score in their SA settings.

Basically you just have to include a special, copyrighted Haiku in your e-mail, and most spam filters will let your mail through. The Haiku warrants that your e-mail is not spam, because you have to license the usage of the Haiku, and the terms prevent from using it in spam mail.

I have never received real email that contained the Habeas Haiku. On the other hand, I have received hundreds of spam messages that contained the haiku. I learned of Habeas when I was trying to figure out why an obvious spam messa

For about a year now, I have tried a new anti-spam approach. Previously, tried black listing, white listing, and etc.

Problem is that the spam keeps coming, and sucks *my* bandwidth.

So I thought about it... And here's what I do. I use a hotmail account. With spam protection. Set to DELETE spam. I use a script (gotmail) to read the hotmail and transfer to my "real" email. Hotmail does a pretty good job on anti-spam, *and* I don't have to bother about the bandwidth.

Once we have a relationship established, you get my "real" email.

And I'm sticking to it. Works for now -- I've only had 100ish pieces of spam in the past year. Note that Hotmail seems to have improved the anti-spam features in the last six months (there was a sharp drop in spam).

If I subscribe to a list, I *only* use the hotmail address. Bet your bippy. I don't *trust* you yet, and I don't know where that email address is going. If the list gets bounced -- I don't see it, and, frankly, I don't care that much. Better than getting hammered on my server using my bandwidth.

Our system uses e-mail to notify customers of status changes. For a while, AOL decided that we were spammers, althought that has just as mysteriously subsided. We have had intermittent problems across the board... in part because our messages meet a lot of the standard patterns for spam: includes links, unique identifiers (account numbers), etc. We have tweaked them over time to be less likely to be mistaken for spam, but nothing we do seems to make it perfect.

To get around these problems, we have basically had to implement a private communication system in our product so people see notifications when the log in. For frequent users, this works well enough they can turn of the e-mail notifiers, but for very occasional users, having to log in to see notifications takes a lot away from the ease of use.

Frankly, I don't see a great fix anytime soon: the spammers have taken to copying legitimate e-mail messages into "hidden" text, while the actual spam is delivered via CSS and Image tricks...the battle rages, probably for at least the next ten years (at which point I'm hoping that public key cryptography will allow people to prove they are actually who they say they are) which is why we created a backup communication channel.

This question was worded in a fairly confusing manner, either hotmail is blocking him because he's mailing 600 people, or it's blocking him because his emails sound like spam.

If your emails sound like spam, fool around with them until they no longer sound like spam. Mail your own test hotmail address and see how it's received. Hotmails spam blocking may not be perfect, but I'm sure it's not out to get you specifially.

If you're emailing all 600 people in one batch, that's idiotic and email each person indi

If you're emailing all 600 people in one batch, that's idiotic and email each person individually.

I don't see how it's idiotic--assumming mailservers are blocking mail merely because they consider emails with more than a handful of recipients to mean the mail is spam, I can't see how pandering to such silly behavior is in the long-term best interest of anyone.

In fact, RFC2128 even discourages such behavior:

recipients buffer

The minimum total number of recipients that must be buffered is 100 re

Change the text of the message. Change the from address. Add random words. Use 1337-5p34k. Forge the headers.

Seriously, it depends on why you are getting filtered. If you are getting filtered by content, then the spammer's techniques may actually work. If you have been black-listed, then your best bet is to work with the ISPs to see what you can do to get taken off of their blacklists. If possible, have your users white-list you.

There are ways to get around it. I've created a couple of legit mass email applications for clients (definitely not spam!), the most recent as a PHP app. It took quite a bit of tweaking, but I was able to get it to sneak the emails it generates past most spam filters.

Sending mass email using CC or BCC is just about a guaranteed way to trip the filters at AOL or Hotmail. I'm pretty sure they check the message id in the header, among other things.

We have only the recruiter's word that he is not a spammer. Is his 600-client email the ONLY email he sends? I think we all know about the reputation that recuiters have. I've received spam from recruiters and I wouldn't be surprised at all if he was spamming to get new customers as well as sending his monthly updates to clients.

I think RSS news feeds are the perfect solution to many of these situations. Give the user the ability to subscribe to an RSS feed rather then getting an email... this unfortunately will be only suitable for advanced users.

Once spam forces more to go down this track, I'm sure better tools, and better integration with desktops will open the flood gates.

Look, if you could get your message into my inbox by actions that you could take, then the SPAM filter has *failed* and would need adjustment.

The idea is to filter out things that look like spam. And I'm sorry, but what you say you're sending sounds like a lot of the spam I get, so it rightly should get filed as Junk.

That's not to say that it is, indeed, spam, if it's a pay for it sort of list. But the thing is that no email service deletes spam by default. If your message are getting foldered off somewhere, then it's up to the users to whitelist you and let your emails appear in their inbox instead of getting junkfiled. All of these free mail services have such capabilities.

But I would certainly hope that there would be nothing the sender of the email could do that would move his mail from my junk folder to my inbox. If they can, then the spam detection needs to be fixed. See the idea here?

The problem is those who complain that they never got their receipt for their download purchase or any response to their web-submitted trouble ticket. They may have been either directly or indirectly responsible for creating the filter, but sure aren't willing to take responsibility for that fact.

I have scripts that send out messages in both of those situations as well as to deliver 30 day trial URL's. In every single one of those cases, the user directly requested it and in one of those cases, the user is

However, I find an increasing number of these messages never get through. Instead of smooth operations that provide the requested information immediately, I hear from someone 2 weeks after I responded to their trouble ticket and they're irate because I "never responded".

I hear you and understand your dilemma, but what I'm saying is that if you have any actual way out of this dilemma then it's likely that the system is broken. The whole point is to put the user in control of what they get, and to remove co

Other than the words "Eric" and "Smith", I see nothing in common between those two people. Even the middle initial is wrong (S vs. A).

Considering the commonness of the name "Eric" and the freakin' cliche commonness of "Smith", I think it's a bit of a leap to instantly assume these are the same person. I'm not saying they are not, but I am saying that I'd personally need a bit more evidence to buy into your theory here...

Forget it. Email is broken. It cannot be used in a reliable sense by any commercial entity. Partly this is due to the anti-spam activists that want all "commercial" email banned. Partly this is due to ISPs that implement filters and have decided that they do not need to whitelist anyone without performing their special procedure. You cannot win at this game - the

If you send hashcash on your mail, then at least for people using spamassassin 2.7 (and soon to be released 3.0) your chances of being subject to false positive pretty much disappear.
(Think I read spamassassin is used on about 130M inboxes)
See hashcash [hashcash.org] for instructions on hooking hashcash up to various MUAs and MFAs.
(Hashcash does not cost money, it costs the senders CPU time to create a Proof of Work stamp which looks like this: